Lucene search
K

12 matches found

CVE
CVE
added 2026/03/20 1:18 a.m.18 views

CVE-2026-32881

Summary: CVE-2026-32881 affects the Gleam web server “ewe.” Versions 0.6.0–3.0.4 are vulnerable to an authentication bypass and header spoofing due to how trailer headers are merged into req.headers after body parsing. The denylist in the trailer handling only blocks nine header names, allowing a...

5.3CVSS5.8AI score0.00386EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/12 2:1 p.m.2 views

OPENSUSE-SU-2026:20204-1 Security update for python-aiohttp, python-Brotli

This update for python-aiohttp, python-Brotli fixes the following issues: Changes in python-aiohttp: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed...

8.7CVSS7.1AI score0.00487EPSS
Exploits0References17
SUSE Linux
SUSE Linux
added 2025/09/03 12:48 p.m.3 views

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: CVE-2025-53643: Fixed request smuggling due to incorrect parsing of chunked trailer section bsc1246517 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.3CVSS7.4AI score0.00297EPSS
Exploits0References4
OSV
OSV
added 2025/09/03 12:48 p.m.5 views

SUSE-SU-2025:03057-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2025-53643: Fixed request smuggling due to incorrect parsing of chunked trailer section bsc1246517...

7.5CVSS6.7AI score0.00297EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/14 8:17 p.m.8 views

CVE-2025-53643 AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...

6.3CVSS0.00297EPSS
Exploits0References2
CVE
CVE
added 2025/07/14 8:17 p.m.123 views

CVE-2025-53643

CVE-2025-53643 (aiohttp) : Prior to 3.12.14, the Python parser is vulnerable to HTTP request smuggling due to not parsing trailer sections. If a pure-Python build (no C extensions) or AIOHTTP_NO_EXTENSIONS is used, an attacker may smuggle requests to bypass certain firewalls/proxy protections. Th...

7.5CVSS7.3AI score0.00297EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/09/27 12:0 a.m.22 views

Debian dla-3897 : trafficserver - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3897 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3897-1 [email protected]...

9.1CVSS7.3AI score0.01085EPSS
Exploits0References8
NVD
NVD
added 2024/07/26 10:15 a.m.28 views

CVE-2024-35161

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...

9.1CVSS0.0097EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/07/26 10:15 a.m.25 views

CVE-2024-35161

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...

9.1CVSS7AI score0.0097EPSS
Exploits0References3
CVE
CVE
added 2024/07/26 9:10 a.m.97 views

CVE-2024-35161

CVE-2024-35161 affects Apache Traffic Server. Versions 8.0.0–8.1.10 and 9.0.0–9.2.4 forward malformed HTTP chunked trailer sections to origin servers, enabling potential request smuggling and, if the origin is vulnerable, cache poisoning. Debian and Tenable advisories confirm multiple vendors iss...

9.1CVSS6.6AI score0.0097EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/26 9:10 a.m.32 views

CVE-2024-35161 Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...

7.2AI score0.0097EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/07/26 9:10 a.m.19 views

CVE-2024-35161

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...

9.1CVSS7.2AI score0.0097EPSS
Exploits0
Rows per page
Query Builder